Biblio

Filters: Author is Kantzavelou, Ioanna  [Clear All Filters]
2022-07-14
Papaspirou, Vassilis, Maglaras, Leandros, Ferrag, Mohamed Amine, Kantzavelou, Ioanna, Janicke, Helge, Douligeris, Christos.  2021.  A novel Two-Factor HoneyToken Authentication Mechanism. 2021 International Conference on Computer Communications and Networks (ICCCN). :1–7.
The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed. The proposed research work aims at enhancing this security mechanism, prevent penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.
2019-10-23
Kontogeorgis, Dimitrios, Limniotis, Konstantinos, Kantzavelou, Ioanna.  2018.  An Evaluation of the HTTPS Adoption in Websites in Greece: Estimating the Users Awareness. Proceedings of the 22Nd Pan-Hellenic Conference on Informatics. :46-51.

The adoption of the HTTPS - i.e. HTTP over TLS - protocol by the Hellenic websites is studied in this work. Since this protocol constitutes a de-facto standard for secure communications in the web, our aim is to identify whether the underlying TLS protocol in popular websites in Greece is properly configured, so as to avoid known vulnerabilities. To this end, a systematic approach utilizing two well-known TLS scanner tools is adopted to evaluate 241 sites of high popularity. The results illustrate that only about half of the sites seem to be at a satisfactory level and, thus, there is still much room for improvement, mainly due to the fact that obsolete ciphers and/or protocol versions are still supported; there is also a small portion - i.e. about 3% of the sites - that do not implement the HTTPS at all, thus posing very high security risks for their users who provide their credentials via a totally insecure channel. We also examined, using an appropriate online questionnaire, whether the users are actually aware of what the HTTPS means and how they check the security of the websites. The outcome of this research shows that much work needs to be done to increase the knowledge and the security awareness of an average Internet user.